SmartPost prerequisites
Before you start setting up SmartPost, there are some prerequisites that need to be in place.
e-Boks and Strålfors certificates
Local Registration Authority (LRA) - NemID administrator
The NemID administrator is an employee who is authorized to create access to the service providers' administration portals (e-Boks Administration Portal and Strålfors Connect), create and issue employee certificates to other employees, and assign different roles to the employees such administrator, super administrators, and so on. The NemID administrator is often an employee of the IT department in an organization.
The NemID administator needs to have an LRA certificate, which is a special type of certificate that allows the NemID administrator to manage and issue employee certificates.
Point out an administrator and issue an employee certificate
The LRA administrator assigns an employee as administrator (or super administrator) and issues an employee certificate to this employee. This employee will then be authorized to create dispatch and retrieval systems and to manage the organization's e-Boks and Strålfors configurations.
The typical process is as follows:
- The employee is requested to order an employee certificate at NemID. See https://www.medarbejdersignatur.dk/.
- The LRA administrator receives an approval message from NemID and approves the NemID.
- The employee receives a message from NemID with instructions on how to download the certificate.
- The LRA administrator assigns the employee as administrator or super administrator.
Acquire and use of the certificate (funktionscertifikat)
The LRA administrator needs to acquire a certificate (funktionscertifikat). The SmartPost process will use the certificate as electronic identification in relation to the service providers. The LRA administrator hands over the certificate to the administrator, who will then use the certificate to configure the systems.
The certificate allows a system A to identify itself towards another system B, where system A submits a service.
The certificate can be used in two different ways:
- As dispatcher
- As recipient
This is system A. System A identifies itself towards another system B. System A will use the certificate to encrypt the communication with the use of a private key.
This is system B. System B has received the certificate in a form where it only contains a public key that system B can use to decrypt the communication from system A. If the communication does not derive from system A but from a third unknown system C that pretends to be system A, it will be revealed during the decryption. Only the system with the certificate with the private key can make an encryption that can be decrypted with the public key that system A previously handed over to system B.
The certificate must be stored in the certificate store on the server that runs the SmartPost process.
See Acquire and install the e-Boks Certificate for instructions on the certificate process.
Digital mail Prerequisites
Before you start the installation of the SmartPost process, you need to complete some configuration tasks for SmartPost to be able to communicate with e-Boks.
e-Boks opens for the organization's IP addresses
A prerequisite for SmartPost to be able to communicate with e-Boks through the REST interface is that e-Boks knows the IP addresses of the systems that use the services of e-Boks. These are typically registered at Digitaliseringsstyrelsen (Danish Agency for Digitisation) from where e-Boks usually gets the information.
The IP address is the IP address(es) that is known from the WAN (typically the Internet).
Agreement on provision of NemID services (tilslutningsaftale)
The LRA administrator makes an agreement with e-Boks. See instructions Tilslutning til Digital Post Administrationsportalen from Digitaliseringsstyrelsen.
The agreement must be completed before the configuration of e-Boks can start.
Retrieval system
This sections describes the configuration tasks in connection with setting up a retrieval system in the e-Boks administration portal. The retrieval system allows the SmartPost process to retrieve messages from a mailbox in e-Boks. SmartPost retrieves the messages, such as replies from citizens and organizations to messages in e-Boks and unsolicited messages, and saves them automatically in WorkZone.
Create a retrieval system
Before you start this process, make sure that the organization's IP address is known by e-Boks and that an agreement has been made so that the REST service and the e-Boks administration portal are available. You can verify IP address and the agreement are in place it by logging into the e-Boks administration portal using this link: http://ekstranet.e-boks.dk/. If clicking the link results in a page with a text saying “Kun adgang for myndigheder” (Only accessible for authorities), the organization is either not an authority, or the agreement has not yet been concluded.
See e-Boks opens for the organization's IP addresses and Agreement on provision of NemID services (tilslutningsaftale).
The customer needs to create a retrieval system at e-Boks. This can be done via e-Boks administration portal (http://ekstranet.e-boks.dk/).
The table below describes the values that must be applied to the retrieval system.
| Value name | Value | Description |
|---|---|---|
| Name | Suggestion: ”KMD SmartPost Retrival” | The name by which the retrieval system can be recognized. |
| EAN no. | Customer specific | The EAN number of the authority. |
| Delivery type | Pull | Specifies whether e-Boks needs to “push” messages into the customer’s system, or whether SmartPost needs to request e-Boks’s service in order to retrieve the messages (pull). SmartPost only uses pull. |
| API Version | v1 | Currently, SmartPost only supports v1. |
| Certificate | Customer specific | The certificate to e-Boks is uploaded here. |
| Name of contact person | Customer specific | The name of the person at the customer's business who e-Boks must be able to contact in connection with questions and handover of commercial information. This will typically be a manager in the customer’s organization. |
| Email address of contact person | Customer specific | The email address on which the contact person can be contacted. |
| Phone number of contact person | Customer specific | The phone number on which the contact person can be contacted. |
When the values have been entered, and the retrieval system is created, e-Boks automatically assigns an ID to the retrieval system. This ID must be used in connection with the configuration of SmartPost so that SmartPost knows which retrieval system to use.
See Configure SmartPost for receiving messages.
Create mailboxes
The organization needs to create at least one mailbox at e-Boks in which messages from citizens or an organization can be gathered, before they are collected by the SmartPost retrieval service. Subsequently, the mailbox needs to be connected to the Retrieval system.
Depending on the size of the organization and how it is organized, the organization can decide whether more than one mailbox needs to be configured. As SmartPost applies to a retrieval system and not to a specific mailbox, the customer can decide the number of mailboxes independently of SmartPost. In connection with the configuration of individual mailboxes in e-Boks, the customer can choose if the mailbox should be emptied by a retrieval system and, in that case, by which one. The diagram below shows an example of mailboxes and retrieval systems that are configured in e-boks and SmartPost.
Mailbox A is connected to retrieval system A. If necessary, an alternative system can retrieve messages from Retrieval system A.
Mailbox B and Mailbox C are connected to Retrieval system B. As SmartPost has been configured to retrieve messages from Retrieval system B, Mailbox B and Mailbox C are emptied by SmartPost.
Mailbox D is not connected to any retrieval system. As a result, SmartPost (or an alternative system) cannot retrieve messages from this mailbox via the REST interface.
The table below describes the values with which an e-Boks mailbox can be configured.
| Value name | Value | Description |
|---|---|---|
| Name | For example: ”Mail for organization” | The name of the mailbox as the end user sees it. |
| Description | This mailbox is used for replying to messages sent by SmartPost as well as unsolicited messages. | A description of the mailbox for users who later use the administration portal. |
| Instructions | Send mail to this mailbox if you want to contact the organization. | Description of the mailbox that the end user sees. |
| Select folder for placing the mailbox | See notes | In a minimum configuration, there will only be one mailbox, and this mailbox will be the root mailbox. In such a case, the selection must be empty. In cases of more complex configurations with more mailboxes, the selection is based on the planned mailbox hierarchy. |
| Activation date | Now | Specifies the date where the mailbox will be active, that is visible to the end user. |
| External code can be used freely by suppliers and is available via system call | Empty | Not used. |
| This mailbox must be used by default for reception of mail, in cases where the end user makes a direct request | Selected |
In the minimum configuration, the same mailbox will be used for both end user requests and unsolicited requests. In this case, the mailbox must be the default mailbox, for which reason the field must be selected. In cases of more complex configurations with more mailboxes, this mailbox is not necessarily selected by default. |
| The mailbox must be visible to the end user | Selected |
In the minimum configuration, the same mailbox will be used for both end user requests and unsolicited requests. In this case, the mailbox must be visible so that the end user can use it for unsolicited requests. In cases of more complex configurations with more mailboxes, this mailbox is not necessarily visible. |
Create subject
A minimum of one subject for one of the mailboxes connected to the retrieval system from which SmartPost is to retrieve messages must be configured.
| Value name | Value | Description |
|---|---|---|
| Subject name | For example: “Contact to organization” | The subject that the end user can choose in connection with sending in an unsolicited message for an authority. |
| Form | Empty | Not supported by SmartPost. |
Remote print
Before you can start setting up and configuring remote print, the organization must make an agreement with the selected print center, Strålfors or KMD Printcenter.
Strålfors agreement
Before you can start to use Strålfors Connect for remote print, the following prerequisites must be fulfilled:
- The organization must make an agreement with Strålfors.
- The organization must get a certificate. It is possible to use the same certificate as the one used for e-Boks, but it needs to be clarified with Strålfors.
- Find out which protocol Strålfors uses.
See also Configure remote print.
OneTooX agreement with KMD Printcenter
Before you can start to use OneTooX and send SmartPost messages to KMD Printcenter for printing, the following prerequisites must be fullfilled:
- The organization must make an agreement with KMD Printcenter.
- The organization must get a OneTooX system key from KMD Printcenter. The system key is a PKE file.
- Document types must be defined and set up by KMD Printcenter. The OneTooX document types contains information about the dispatch of a document, for example if it is A or B mail, the envelope type, single-sided or double sided, and so on.
OneTooX requires at least one documentation type.
You need the names of the document types for configuring SmartPost print types.
See also Configure remote print.
